1. 09 12月, 2014 18 次提交
  2. 06 12月, 2014 22 次提交
    • D
      Merge branch 'ebpf-next' · 8d0c4697
      David S. Miller 提交于
      Alexei Starovoitov says:
      
      ====================
      allow eBPF programs to be attached to sockets
      
      V1->V2:
      
      fixed comments in sample code to state clearly that packet data is accessed
      with LD_ABS instructions and not internal skb fields.
      Also replaced constants in:
      BPF_LD_ABS(BPF_B, 14 + 9 /* R0 = ip->proto */),
      with:
      BPF_LD_ABS(BPF_B, ETH_HLEN + offsetof(struct iphdr, protocol) /* R0 = ip->proto */),
      
      V1 cover:
      
      Introduce BPF_PROG_TYPE_SOCKET_FILTER type of eBPF programs that can be
      attached to sockets with setsockopt().
      Allow such programs to access maps via lookup/update/delete helpers.
      
      This feature was previewed by bpf manpage in commit b4fc1a46("Merge branch 'bpf-next'")
      Now it can actually run.
      
      1st patch adds LD_ABS/LD_IND instruction verification and
      2nd patch adds new setsockopt() flag.
      Patches 3-6 are examples in assembler and in C.
      
      Though native eBPF programs are way more powerful than classic filters
      (attachable through similar setsockopt() call), they don't have skb field
      accessors yet. Like skb->pkt_type, skb->dev->ifindex are not accessible.
      There are sevaral ways to achieve that. That will be in the next set of patches.
      So in this set native eBPF programs can only read data from packet and
      access maps.
      
      The most powerful example is sockex2_kern.c from patch 6 where ~200 lines of C
      are compiled into ~300 of eBPF instructions.
      It shows how quite complex packet parsing can be done.
      
      LLVM used to build examples is at https://github.com/iovisor/llvm
      which is fork of llvm trunk that I'm cleaning up for upstreaming.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8d0c4697
    • A
      samples: bpf: large eBPF program in C · fbe33108
      Alexei Starovoitov 提交于
      sockex2_kern.c is purposefully large eBPF program in C.
      llvm compiles ~200 lines of C code into ~300 eBPF instructions.
      
      It's similar to __skb_flow_dissect() to demonstrate that complex packet parsing
      can be done by eBPF.
      Then it uses (struct flow_keys)->dst IP address (or hash of ipv6 dst) to keep
      stats of number of packets per IP.
      User space loads eBPF program, attaches it to loopback interface and prints
      dest_ip->#packets stats every second.
      
      Usage:
      $sudo samples/bpf/sockex2
      ip 127.0.0.1 count 19
      ip 127.0.0.1 count 178115
      ip 127.0.0.1 count 369437
      ip 127.0.0.1 count 559841
      ip 127.0.0.1 count 750539
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fbe33108
    • A
      samples: bpf: trivial eBPF program in C · a8085782
      Alexei Starovoitov 提交于
      this example does the same task as previous socket example
      in assembler, but this one does it in C.
      
      eBPF program in kernel does:
          /* assume that packet is IPv4, load one byte of IP->proto */
          int index = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol));
          long *value;
      
          value = bpf_map_lookup_elem(&my_map, &index);
          if (value)
              __sync_fetch_and_add(value, 1);
      
      Corresponding user space reads map[tcp], map[udp], map[icmp]
      and prints protocol stats every second
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a8085782
    • A
      samples: bpf: elf_bpf file loader · 249b812d
      Alexei Starovoitov 提交于
      simple .o parser and loader using BPF syscall.
      .o is a standard ELF generated by LLVM backend
      
      It parses elf file compiled by llvm .c->.o
      - parses 'maps' section and creates maps via BPF syscall
      - parses 'license' section and passes it to syscall
      - parses elf relocations for BPF maps and adjusts BPF_LD_IMM64 insns
        by storing map_fd into insn->imm and marking such insns as BPF_PSEUDO_MAP_FD
      - loads eBPF programs via BPF syscall
      
      One ELF file can contain multiple BPF programs.
      
      int load_bpf_file(char *path);
      populates prog_fd[] and map_fd[] with FDs received from bpf syscall
      
      bpf_helpers.h - helper functions available to eBPF programs written in C
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      249b812d
    • A
      samples: bpf: example of stateful socket filtering · 03f4723e
      Alexei Starovoitov 提交于
      this socket filter example does:
      - creates arraymap in kernel with key 4 bytes and value 8 bytes
      
      - loads eBPF program which assumes that packet is IPv4 and loads one byte of
        IP->proto from the packet and uses it as a key in a map
      
        r0 = skb->data[ETH_HLEN + offsetof(struct iphdr, protocol)];
        *(u32*)(fp - 4) = r0;
        value = bpf_map_lookup_elem(map_fd, fp - 4);
        if (value)
             (*(u64*)value) += 1;
      
      - attaches this program to raw socket
      
      - every second user space reads map[IPPROTO_TCP], map[IPPROTO_UDP], map[IPPROTO_ICMP]
        to see how many packets of given protocol were seen on loopback interface
      
      Usage:
      $sudo samples/bpf/sock_example
      TCP 0 UDP 0 ICMP 0 packets
      TCP 187600 UDP 0 ICMP 4 packets
      TCP 376504 UDP 0 ICMP 8 packets
      TCP 563116 UDP 0 ICMP 12 packets
      TCP 753144 UDP 0 ICMP 16 packets
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      03f4723e
    • A
      net: sock: allow eBPF programs to be attached to sockets · 89aa0758
      Alexei Starovoitov 提交于
      introduce new setsockopt() command:
      
      setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &prog_fd, sizeof(prog_fd))
      
      where prog_fd was received from syscall bpf(BPF_PROG_LOAD, attr, ...)
      and attr->prog_type == BPF_PROG_TYPE_SOCKET_FILTER
      
      setsockopt() calls bpf_prog_get() which increments refcnt of the program,
      so it doesn't get unloaded while socket is using the program.
      
      The same eBPF program can be attached to multiple sockets.
      
      User task exit automatically closes socket which calls sk_filter_uncharge()
      which decrements refcnt of eBPF program
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      89aa0758
    • A
      bpf: verifier: add checks for BPF_ABS | BPF_IND instructions · ddd872bc
      Alexei Starovoitov 提交于
      introduce program type BPF_PROG_TYPE_SOCKET_FILTER that is used
      for attaching programs to sockets where ctx == skb.
      
      add verifier checks for ABS/IND instructions which can only be seen
      in socket filters, therefore the check:
        if (env->prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER)
          verbose("BPF_LD_ABS|IND instructions are only allowed in socket filters\n");
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ddd872bc
    • J
      tun/macvtap: use consume_skb() instead of kfree_skb() when needed · f51a5e82
      Jason Wang 提交于
      To be more friendly with drop monitor, we should only call kfree_skb() when
      the packets were dropped and use consume_skb() in other cases.
      
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NJason Wang <jasowang@redhat.com>
      Acked-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f51a5e82
    • M
      net-PA Semi: Deletion of unnecessary checks before the function call "pci_dev_put" · 6db16718
      Markus Elfring 提交于
      The pci_dev_put() function tests whether its argument is NULL
      and then returns immediately. Thus the test around the call
      is not needed.
      
      This issue was detected by using the Coccinelle software.
      Signed-off-by: NMarkus Elfring <elfring@users.sourceforge.net>
      Acked-by: NOlof Johansson <olof@lixom.net>
      Acked-by: NLuis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6db16718
    • M
      net-ipvlan: Deletion of an unnecessary check before the function call "free_percpu" · 04901cea
      Markus Elfring 提交于
      The free_percpu() function tests whether its argument is NULL and then
      returns immediately. Thus the test around the call is not needed.
      
      This issue was detected by using the Coccinelle software.
      Signed-off-by: NMarkus Elfring <elfring@users.sourceforge.net>
      Acked-by: NMahesh Bandewar <maheshb@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      04901cea
    • M
      net: cassini: Deletion of an unnecessary check before the function call "vfree" · 39af455d
      Markus Elfring 提交于
      The vfree() function performs also input parameter validation.
      Thus the test around the call is not needed.
      
      This issue was detected by using the Coccinelle software.
      Signed-off-by: NMarkus Elfring <elfring@users.sourceforge.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      39af455d
    • A
      stmmac: pci: allocate memory resources dynamically · c4b2b9a8
      Andy Shevchenko 提交于
      Instead of using global variables we are going to use dynamically allocated
      memory. It allows to append a support of more than one ethernet adapter which
      might have different settings simultaniously.
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c4b2b9a8
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 244ebd9f
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following batch contains netfilter updates for net-next. Basically,
      enhancements for xt_recent, skip zeroing of timer in conntrack, fix
      linking problem with recent redirect support for nf_tables, ipset
      updates and a couple of cleanups. More specifically, they are:
      
      1) Rise maximum number per IP address to be remembered in xt_recent
         while retaining backward compatibility, from Florian Westphal.
      
      2) Skip zeroing timer area in nf_conn objects, also from Florian.
      
      3) Inspect IPv4 and IPv6 traffic from the bridge to allow filtering using
         using meta l4proto and transport layer header, from Alvaro Neira.
      
      4) Fix linking problems in the new redirect support when CONFIG_IPV6=n
         and IP6_NF_IPTABLES=n.
      
      And ipset updates from Jozsef Kadlecsik:
      
      5) Support updating element extensions when the set is full (fixes
         netfilter bugzilla id 880).
      
      6) Fix set match with 32-bits userspace / 64-bits kernel.
      
      7) Indicate explicitly when /0 networks are supported in ipset.
      
      8) Simplify cidr handling for hash:*net* types.
      
      9) Allocate the proper size of memory when /0 networks are supported.
      
      10) Explicitly add padding elements to hash:net,net and hash:net,port,
          because the elements must be u32 sized for the used hash function.
      
      Jozsef is also cooking ipset RCU conversion which should land soon if
      they reach the merge window in time.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      244ebd9f
    • D
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-next · ddd5c50f
      David S. Miller 提交于
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Driver Updates 2014-12-05
      
      This series contains updates to ixgbe and ixgbevf.
      
      Alex provides a couple of patches to cleanup ixgbe.  First cleans up the
      page reuse code getting it into a state where all the workarounds needed
      are in place as well as cleaning up a few minor oversights such as using
      __free_pages instead of put_page to drop a locally allocated page.  Then
      cleans up the tail writes for the ixgbe descriptor queues.
      
      Mark Peterson adds support to lookup MAC addresses in Open Firmware or
      IDPROM.
      
      Emil provides patches for ixgbe and ixgbevf to fix an issue on rmmod and
      to add support for X550 in the VF driver.  First removes the read/write
      operations to the CIAA/D registers since it can block access to the PCI
      config space and make use of standard kernel functions for accessing the
      PCI config space.  Then fixes an issue where the driver has logic to free
      up used data in case any of the checks in ixgbe_probe() fail, however
      there is a similar set of cleanups that can occur on driver unload in
      ixgbe_remove() which can cause the rmmod command to crash.
      
      Don provides the remaining patches in the series to complete the addition
      of X550 support into the ixgbe driver.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ddd5c50f
    • E
      ixgbevf: fix possible crashes in probe and remove · 0333464f
      Emil Tantilov 提交于
      This patch resolves couple of issues in ixgbevf_probe/remove():
      
      1. Fix a case where adapter->state is tested after free_netdev() this is
      same as the patch for ixgbe from Daniel Borkmann <dborkman@redhat.com>:
      commit b5b2ffc0 ("ixgbe: fix use after free adapter->state test in ixgbe_remove/ixgbe_probe")
      
      2. Move pci_set_drvdata() after all the error checks in ixgbevf_probe() and
      then add a check in ixgbevf_probe() to avoid running the cleanup functions
      twice in cases where probe failed.
      
      CC: Daniel Borkmann <dborkman@redhat.com>
      Signed-off-by: NEmil Tantilov <emil.s.tantilov@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      0333464f
    • E
      ixgbevf: add support for X550 VFs · 47068b0d
      Emil Tantilov 提交于
      This patch adds initial support for VFs on a new mac - X550.
      
      The patch adds the basic structures and device IDs for the X550 VFs
      that would allow the driver to load and pass traffic.
      Signed-off-by: NEmil Tantilov <emil.s.tantilov@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      47068b0d
    • E
      ixgbe: fix crash on rmmod after probe fail · 0fb6a55c
      Emil Tantilov 提交于
      The driver has logic to free up used data in case any of the checks in
      ixgbe_probe() fail, however there is a similar set of cleanups that can
      occur on driver unload in ixgbe_remove() which can cause the rmmod command
      to crash.
      
      This patch aims to fix the logic by moving pci_set_drvdata() after all error
      checks and then adds a check in ixgbe_remove() to skip it altogether if
      adapter comes up empty.
      Signed-off-by: NEmil Tantilov <emil.s.tantilov@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      0fb6a55c
    • D
      ixgbe: bump version number · 9be4a9bb
      Don Skidmore 提交于
      Since we now support X550 mac's bump the version number to reflect this.
      Signed-off-by: NDon Skidmore <donald.c.skidmore@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      9be4a9bb
    • D
      ixgbe: Add X550 support function pointers · 6a14ee0c
      Don Skidmore 提交于
      This patch extends the function pointer structure to include the new
      X550 class MAC types. This creates a new file ixgbe_x550.c that contains
      all of the new methods.  Because of similarities to the X540 part in
      some cases we just use it's methods where they can be used without any
      modification.  These exported functions are now defined in the new
      ixgbe_x540.h file.
      Signed-off-by: NDon Skidmore <donald.c.skidmore@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      6a14ee0c
    • D
      ixgbe: cleanup checksum to allow error results · 735c35af
      Don Skidmore 提交于
      Currently the shared code checksum calculation function only
      returns a u16 and cannot return an error code. Unfortunately
      a variety of errors can happen that completely prevent the
      calculation of a checksum. So, change the function return value
      from a u16 to an s32 and return a negative value on error, or the
      positive checksum value when there is no error.
      Signed-off-by: NDon Skidmore <donald.c.skidmore@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      735c35af
    • D
      ixgbe: add methods for combined read and write operations · 28abba05
      Don Skidmore 提交于
      Some X550 procedures will be using CS4227 PHY and need to
      perform combined read and write operations.  This patch
      adds those methods.
      Signed-off-by: NDon Skidmore <donald.c.skidmore@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      28abba05
    • D
      ixgbe: Add x550 SW/FW semaphore support · 030eaece
      Don Skidmore 提交于
      The X550 hardware will use more bits in the mask, so change
      the prototypes to match.  This larger mask will require changes
      in callers which use the higher bits. Likewise since X550 will
      use different semaphore mask values and will use the lan_id
      value.  So save these values in the ixgbe_phy_info struct.
      Signed-off-by: NDon Skidmore <donald.c.skidmore@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      030eaece